Create New Topic

John Honovich

I have not heard of a VSaaS provider making that claim (of course there may be some out there). I checked online specifically for Axis AVHS (since they are one of the oldest) but found no matches for HIPAA.

Question to all: How does one certify one's surveillance system as HIPAA conformant / compliant?

Create New Topic

John Honovich

Daniel, thanks for sharing. That link is informative. I just want to emphasize that list is about storage in general, not about VSaaS applications that might run on top of those storage services. You would definitely need verification / assurances from the VSaaS provider directly on HIPAA conformance.

Create New Topic

Steve Mitchell

I don't know nearly as much about HIPAA as PCI or NIST, et al., but from what I understand HIPAA would be looking for information assurance for any data related to patient privacy no matter where it's stored. That is, if you stored video of patients on a DVR in your hospital you'd need to be able to show the video data was secure (as per HIPAA guidelines). Likewise if you shoved that data to cloud storage or engaged a VSaaS provider you'd need to provide assurance the data was secure in transit and at rest with them as well.

Since cloud based storage is a service, you'd need to work with the service provider to achieve HIPAA conformance.

Ironically, a lot of the data security standards say things about the use of video to keep data secure (i.e, you need to have video of your data storage servers and secure areas), but say little if anything about the secure storage of that video itself. In and around HIPAA I think you'd have to consider images of patients as being private, and would want to limit how much video of patients you actually generate in order to lessen your liabilty there.

Create New Topic

Undisclosed #1

It's been a few years since I worked much with HIPAA, and it was more in an IT security sense. But take for example a medical facility that specializes in cancer treatments. Simply identifying a patient of this facility can violate some facets of HIPAA, since you could reaonably assume they are not there to receive a flu vaccine, they are there for a specific medical condition. So in some sense, any video of patients that could be corellated to a specific facility, or specifc treatment area in a larger hospital could be considered PII in some cases.

Personally, I wouldn't try to promote current VSaaS products in hospital settings.

Create New Topic

Michael Silva

Hospitals of any size tend to have high camera counts, probably making them poor applications for VSaaS anyway. VsaaS could potentially be used at smaller medical offices and clinics, but most of these have so many other HIPAA non-compliance issues that the vulnerability of video surveillance data would be far from the top of the list. (Remember those medical records stored on open shelves that you saw the last time that you visited your doctor?)

Not saying that precautions shouldn't be taken, but in reality, this is probably a non-issue.

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.